Trouble reseting OpenPGP card after admin PIN lockout
Paul R. Ramer
free10pro at gmail.com
Wed Jan 22 10:59:37 CET 2014
On 01/21/2014 03:23 AM, Peter Lebbing wrote:
> TL;DR: I think you might be helped by . Do an "scd killscd" from
> gpg-connect-agent, install and start pcscd, install the Python module pyscard
> and run the script from . By the way, if you have an OpenPGP v.1 card, you're
> screwed, they self-destruct on 3 wrong Admin PINs.
I followed your instructions and they worked. Thank you very much.
Thanks for doing all of the testing and research. I am sure that it
will be of good use for others as well if they encounter this problem.
> Note that an OpenPGP v1.1 card will self-destruct on 3 wrong admin PINs. If you
> have a v1.1 card, you're out of luck.
> However, a v2.0 card can be quite a bitch as well. [...]
Uh, yes. Well, this started out as testing to see if reseting the card
after exhausting the 3 tries on the Admin PIN would be straight forward.
I guess the old saying, "Be careful what you wish for," would apply
here. I knew that the v1.1 card would be fried in this case, so armed
with the knowledge that a v2.0 card could be reset I set out to test it.
All the time I was thinking, "This should be easy." :-)
> Then at some point, my card stopped working. I would get "Incorrect value" if I
> remember, euh... correctly. I got a bit worried at this point, and decided to
> kill scdaemon and gpg-agent to start with a clean slate. gpg-agent however is
> started by my X session, and killing it only made it <defunct>. At this point I
> logged out, and lost my log of what I had done. Oops! There goes an exact and
> detailed transcript of how it went wrong. Aaarrrggh! Why didn't I set screen to
> log all to a file?!
Our brains always seem to know the best course of action after the
opportunity for it has passed. :-)
> At this point my card works again. A little while earlier in writing this mail,
> I thought "well that's the last time I experiment with resetting an OpenPGP card
> to help someone", but I suppose I'm good to go again :). I don't have to throw
> out my unused card after all.
I have been there before with other hardware and software problems. But
despite every time that I determined that I was finished with "X"
software or hardware, I would later pick it up again and eventually
figure it out.
More information about the Gnupg-users